PUP Crap

So last night I was downloading/installing MSN Weather gadget (from http: // www. thoosje.com/Windows-7-gadgets-weather. html) to check it out and got hit with a PUP, Lucky Coupons/Savings. Dang thing installed even though I said not to, so fast I couldn't even close out the download (as is typical).

I think I got rid of it this morning after using multiple tools, including MBAM, HitMan Pro, adw Cleaner, CCleaner and MSE. I find no remnants and all scans now come up clean. Nothing in IE add ons or Firefox add ons/plugins.

Having said that, is there anything that will run in REAL TIME that is FREE that will stop PUP's before they get their hooks in? I can't remember the last time I got hit with anything (knock wood), and I want it to stay that way.

My current security apps are MSE, MBAM (free), WinPatrol, and I also installed SpywareBlaster today (will that help?).

Sandboxie wouldn't help in this situation. It wasn't a driveby install. La Luna downloaded and installed the program on her own. This would have been done outside of the sandbox. This is why I make it a practice to scan programs before letting them out of the sandbox or running them. If possible I also upload the program to VirusTotal or Jotti to be scanned.

Process Guard doesn't work beyond XP. I miss it horribly. The OP has Windows 7 and some classic HIPS do work on Win 7. NONE work on Win 8...just like most programs that you used and loved on earlier OSes won't work on Win 8 so suggesting to get a classic HIPS is rather difficult after XP. Plus, the few out there for Win 7 are not easy to use like ProcessGuard. Firewalls are another thing that don't work on Win 8 except Windows firewall so your solutions are great for XP but not beyond it and especially not for Win 8. However, SuperAntispyware caught it and it DOES work on Win8. Malwarebytes didn't catch it. But the best thing for Win8 is the right click send to Virus Total app and send all downloaded files there.--When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

At some point in the click through box's when installing it would be stated that you agree to the install of or need to uncheck box(s) or *skip* a component installs of the bundle.

Unfortunetly most people click through the EULA without any verification of what they are agreeing too being installed on their computers.

The end user then looks to security vendors to remove extra application(s) they have installed.

The problem for the vendors is if they go unloading somebody else's application then they leave them selves open to being sued for damages to the other parties business model.

Some greyware providers are more hot on enforcing compliance in this area. For example "Babylon Toolbar, WhiteSmoke and Delta" will not stay targeted for unloading by any commercial vendor for long as those greyware purveyers are quick to start litigation.

The truth is since the end user agreed to the EULA, the vendors will end up paying silly amounts in damages should it go before a judge.

The 3 best ways to deal with PUP's are as following.1)Non commercial removal tools tend to avoid threatened litigation( not much $'s for the targeted software owners from non commercial entities)so tend to be more effective when removing PUP's then mainstream vendors.

2) Non mainstream removal tools tend to avoid litigation since the targeted application owners don't see big chunks being taken out of their profit margins by tools that are only used by a couple hundred users or so.(Litigation avoidance through obscurity).

3) Add/remove panel and targeted applications website.Most Uninstallers work for PUP applications with the exception of the following scenario's.The end user either runs the uninstaller with their browser open and the uninstall is incompleted as the browser holds settings/files in place. This is a very common reason for incomplete uninstalling.Or the end user has let a removal tool try to uninstall it first and the removal tool has by way of an incomplete removal has in fact damaged the uninstall routine of the targeted application.

Either way most mainstream greyware application providers provide "Uninstallation" help on their webpages but for me the easiest way to deal with this stuff is the standard approach as if you have a corrupted install of any application. Install it over again to follow correct Uninstall routine to get shot of it properly

There was a check box to not allow the "extra" stuff, but when I unchecked it (to NOT allow), it ignored my choice and continued to install the "extras" anyway. I did make a mistake by not scanning it before installing. Admittedly got a little complacent there, as I usually do that. I'd swear I've downloaded stuff from that site before with no problems, but maybe I'm not remembering correctly.